Redirect attack on Shadowsocks stream ciphers

Shadowsocks is a secure split proxy loosely based on SOCKS5. It’s widely used in china. I found a vulnerability in shadowsocks protocol which break the confidentiality of shadowsocks stream cipher. A passive attacker can easily decrypt all the encrypted shadowsocks packet using our redirect attack. Even more, a man-in-the-middle attacker can modify traffic in real time like there is no encryption at all.

Details of the attack can be found in the pdf. And a POC can be found in the python code.

Vulnerable versions

shadowsocks-py, shadowsocoks-go, shadowsocoks-nodejs

Suggestions

Do not use : shadowsocks-py, shadowsocoks-go, shadowsocoks-nodejs.

Only Use: shadowsocks-libev, go-shadowsocks2 and only use the AEAD ciphers

Credit

Zhiniang Peng (@edwardzpeng) of Qihoo 360 Core Security

Timeline

28/12/2018: Vulnerability found

26/01/2019: Technique details upload

26/03/2019: POC upload

12/02/2020: Published